Abstracts of All Feature Stories Found In The July 1 2003 Issue of CIO Magazine

Article: IBM’s On-Demand Reality

Author: Christopher Koch

Summary: BASED ON THE STATE of its component technologies, such as grid computing and self-healing technology, IBM’s e-business on-demand promises cannot be fulfilled any time soon. But by putting IBM’s unmatched marketing muscle behind it, the company has gotten the attention of fearful corporate leaders who seem all too willing to get the costly IT mess off their books and into the hands of Big Blue as soon as possible?much like American Express did recently. But if CEOs buy on-demand the same way they bought ERP and CRM?over 19th hole cocktails with consultants?the effects could make the bloated expectations, slow progress and cost overruns of the enterprise era look like best practices by comparison. IBM insists its message has been clear: On-demand is an incremental, long-term vision. But incremental isn’t something most CEOs want to hear. CIOs who’d like to keep their jobs must manage CEO expectations for on-demand and utility computing offerings from IBM, Sun and HP. They must separate hype from reality, temper the outsourcing urge, pressure vendors for interoperability and pursue variable pricing deals. Article: Risk Analysis

Author: Scott Berinato

Summary: WHILE SOME I.T. LEADERS use informal risk assessments in their investment decision-making, most leave this critical step out, and very few do actual risk analyses. Yet the real cumulative risk of investment options would surprise and even shock CIOs who rely on intuition. As the CIOs at Raytheon, Ryder and other companies have found, risk analysis is an essential component of portfolio management. At least, CIOs should be working with risk analysis templates to assess the five core risks of software projects: schedule flaws, requirements inflation, staff turnover, specification breakdown and underperformance. Well-established statistical tools such as Monte Carlo and decision tree analyses can be used. Regardless of the tool, CIOs still need to craft their own risk mitigation strategies and determine with the executive team what level of risk is acceptable and what is not. Article: HIPAA Security Regulations

Author: Alice Dragoon

Summary: LESS THAN 10 PERCENT of health-care organizations have implemented the patient data security policies and procedures required by the federal Health Insurance Portability and Accountability Act (HIPAA), which was passed in 1996 to standardize and protect the transmission of electronic health-care data. The HIPAA Security Rule is not enforceable until April 2005, but CIOs can’t afford to wait. Right now, leading health-care providers are getting executive buy-in and crafting a communication plan for employees. They are assessing which electronic patient data must be protected, where all of that data is stored and where it’s transmitted. They are auditing security practices and implementing authentication technologies. Although data encryption is not required, organizations should invest the relatively nominal sum to encrypt data transmitted outside their institutions. Article: Project Management Offices

Author: Megan Santosus

Summary: MORE AND MORE I.T. Organizations are creating project management offices (PMOs) to provide the structure and expertise needed to improve project success rates. Most respondents to a recent survey of IT executives have seen improvement in project success rates through their PMOs’ standardized practices and repeatable processes. At Sun Life Financial’s American subsidiary, three metrics determine PMO effectiveness: accuracy of cost and schedule estimates and project stakeholder satisfaction. Thanks to the PMO, from 2001 to 2002, these measures improved 25 percent, 31 percent and 9 percent, respectively. But companies looking for a quick reduction in costs may be disappointed; 74 percent of PMO users reported no cost benefit. The type of PMO must be compatible with corporate culture: one might act as a consultant, providing project managers in business units with training, guidance and best practices; another lends project managers to business units to work on projects. Article: Case Files: Vanguard’s Channel Integration

Author: Alice Dragoon

Summary: VANGUARD HAS ALWAYS served its customers virtually. By 1998, customers were using Vanguard.com to open and manage accounts. However, the powerful Web tools soon outstripped the systems used by Vanguard employees?a classic case of channel disparity. After much internal debate, the company decided that the customer service employees should use the same Web interface. Such a brilliantly simple solution resulted in seamless customer service and let Vanguard avoid the expense of a third-party CRM system. That decision ultimately led to a three-tiered architecture: the internal/external Web interface linked to standard midtier business objects running on a single enterprise database for all channels. Identifying consistent definitions for some 4,000 data points wasn’t easy, but Vanguard’s businesspeople hammered out a consensus. Now Vanguard is in the process of retiring at least eight databases.